Most government departments lack basic data-protection and error-correction policies, responses to a series of Freedom of Information requests have revealed.

Garlik, a UK company that helps people find which of their personal information exists online, sent out the FoI requests between September and November last year. The FoI requests asked 30 government departments four questions about their handling of citizens' personal data.

Each government department was asked: whether it has a written data-correction policy; whether it has been audited to ensure compliance with the Data Protection Act (DPA); whether it has funding dedicated to correcting erroneous data; and whether it holds statistical data regarding the correction of incorrect information.

One of the principles of the DPA, which was passed in 1998, states that "data shall be accurate and, where necessary, kept up to date".

The results, revealed on Thursday, were described by Garlik as showing a "dangerous complacency regarding the accuracy of databases containing the personal information of British citizens".

None of the departments answered yes to all four questions posed in the FoI requests. Only three of the 30 departments approached had written correction policies and procedures in place, and only the Driver and Vehicle Licensing Agency (DVLA) and the Department for Transport have had independent audits to check they were complying with the DPA. None said it had funds allocated to or statistics on its correction of data.

"The government's complacent attitude towards managing and correcting our personal data is all the more shocking in light of the 176 public data losses that have occurred this year alone," Garlik chief executive Tom Ilube said in the company's statement on Thursday. "What people really care about is that if the government holds your personal data, it is accurate and well looked after."

"As we head towards ever-larger government databases, it is crucial that government deals more effectively with error rates and handles data in a way that maximises accuracy and prevents future breaches," Ilube said.

Garlik recommended that any government department running a large database should appoint a chief privacy officer to be held accountable for personal information. It also said every government department should have written procedures to manage, monitor and report on the accuracy of the personal information that it holds. In addition, all government departments should be periodically audited to ensure DPA compliance, and the results of those audits should be published, the company recommended.

Garlik was founded by former executives from the online bank Egg, along with former British Computer Society president Nigel Shadbolt. The company's advisory panel includes some of Shadbolt's fellow semantic-web pioneers, such Wendy Hall and Tim Berners-Lee.

The Information Commissioner's Office had not responded to a request for comment at the time of writing.

Thank You

By registering you become a member of the CBS Interactive family of sites and you have read and agree to the Terms of Use, Privacy Policy and Video Services Policy. You agree to receive updates, alerts and promotions from CBS and that CBS may share information about you with our marketing partners so that they may contact you by email or otherwise about their products or services.
You will also receive a complimentary subscription to the ZDNet's Tech Update Today and ZDNet Announcement newsletters. You may unsubscribe from these newsletters at any time.